Commit 72bb39c0 authored by Steve Langasek

Import upstream version 0.7

parent bfab8d67
......@@ -22,3 +22,5 @@ shim_cert.h
*.so
*.srl
*.srl.old
*.tar.*
version.c
......@@ -38,7 +38,7 @@ AesGetContextSize (
Initializes user-supplied memory as AES context for subsequent use.
This function initializes user-supplied memory pointed by AesContext as AES context.
In addtion, it sets up all AES key materials for subsequent encryption and decryption
In addition, it sets up all AES key materials for subsequent encryption and decryption
operations.
There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
......@@ -241,7 +241,11 @@ AesCbcEncrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......@@ -299,7 +303,11 @@ AesCbcDecrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......
......@@ -32,14 +32,14 @@ Arc4GetContextSize (
// for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
// the working copy to the initial state.
//
return (UINTN) (2 * sizeof(RC4_KEY));
return (UINTN) (2 * sizeof (RC4_KEY));
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
......@@ -75,7 +75,7 @@ Arc4Init (
RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
CopyMem (Rc4Key + 1, Rc4Key, sizeof(RC4_KEY));
CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
return TRUE;
}
......@@ -115,7 +115,7 @@ Arc4Encrypt (
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL) {
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......@@ -161,7 +161,7 @@ Arc4Decrypt (
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL) {
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......@@ -205,7 +205,7 @@ Arc4Reset (
Rc4Key = (RC4_KEY *) Arc4Context;
CopyMem (Rc4Key, Rc4Key + 1, sizeof(RC4_KEY));
CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
return TRUE;
}
......@@ -37,7 +37,7 @@ TdesGetContextSize (
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addtion, it sets up all TDES key materials for subsequent encryption and decryption
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
......@@ -76,9 +76,9 @@ TdesInit (
KeySchedule = (DES_key_schedule *) TdesContext;
//
//
// If input Key is a weak key, return error.
//
if (DES_is_weak_key ((const_DES_cblock *) Key)) {
if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
return FALSE;
}
......@@ -90,7 +90,7 @@ TdesInit (
return TRUE;
}
if (DES_is_weak_key ((const_DES_cblock *) Key + 8)) {
if (DES_is_weak_key ((const_DES_cblock *) Key + 8) == 1) {
return FALSE;
}
......@@ -101,7 +101,7 @@ TdesInit (
return TRUE;
}
if (DES_is_weak_key ((const_DES_cblock *) Key + 16)) {
if (DES_is_weak_key ((const_DES_cblock *) Key + 16) == 1) {
return FALSE;
}
......@@ -275,7 +275,11 @@ TdesCbcEncrypt (
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......@@ -339,7 +343,11 @@ TdesCbcDecrypt (
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
......
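Review bot: In TdesInit the second and third weak-key checks do not look at K2 and K3: a cast binds tighter than `+`, so `(const_DES_cblock *) Key + 8` advances by eight `const_DES_cblock` elements (64 bytes, if that type is OpenSSL's 8-byte array typedef) and `+ 16` by 128 bytes. The added `== 1` comparison keeps that arithmetic, so the later key parts are never weak-key checked and the call reads well past a 16- or 24-byte key buffer. Parenthesise the byte offset instead: `DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1` and `DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1`. The body of TdesInit starts and ends outside these hunks, so this assumes Key is declared as a byte pointer.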
......@@ -34,3 +34,24 @@ index 805e6b4..bb7bcba 100644
//
// Years Handling
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index fb446b6..5a8322d 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
// -- Dummy OpenSSL Support Routines --
//
-int BIO_printf (void *bio, const char *format, ...)
-{
- return 0;
-}
-
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
- return 0;
-}
-
void *UI_OpenSSL(void)
{
return NULL;
......@@ -30,7 +30,7 @@ Md4GetContextSize (
//
// Retrieves the OpenSSL MD4 Context Size
//
return (UINTN)(sizeof (MD4_CTX));
return (UINTN) (sizeof (MD4_CTX));
}
/**
......@@ -61,7 +61,7 @@ Md4Init (
//
// OpenSSL MD4 Context Initialization
//
return (BOOLEAN) (MD4_Init ((MD4_CTX *)Md4Context));
return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
}
/**
......@@ -139,7 +139,7 @@ Md4Update (
//
// OpenSSL MD4 Hash Update
//
return (BOOLEAN) (MD4_Update ((MD4_CTX *)Md4Context, Data, DataSize));
return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
}
/**
......@@ -179,5 +179,5 @@ Md4Final (
//
// OpenSSL MD4 Hash Finalization
//
return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *)Md4Context));
return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
}
......@@ -31,7 +31,7 @@ Md5GetContextSize (
//
// Retrieves the OpenSSL MD5 Context Size
//
return (UINTN)(sizeof (MD5_CTX));
return (UINTN) (sizeof (MD5_CTX));
}
......@@ -63,7 +63,7 @@ Md5Init (
//
// OpenSSL MD5 Context Initialization
//
return (BOOLEAN) (MD5_Init ((MD5_CTX *)Md5Context));
return (BOOLEAN) (MD5_Init ((MD5_CTX *) Md5Context));
}
/**
......@@ -141,7 +141,7 @@ Md5Update (
//
// OpenSSL MD5 Hash Update
//
return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataSize));
return (BOOLEAN) (MD5_Update ((MD5_CTX *) Md5Context, Data, DataSize));
}
/**
......@@ -181,5 +181,5 @@ Md5Final (
//
// OpenSSL MD5 Hash Finalization
//
return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *)Md5Context));
return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *) Md5Context));
}
......@@ -31,7 +31,7 @@ Sha1GetContextSize (
//
// Retrieves OpenSSL SHA Context Size
//
return (UINTN)(sizeof (SHA_CTX));
return (UINTN) (sizeof (SHA_CTX));
}
/**
......@@ -62,7 +62,7 @@ Sha1Init (
//
// OpenSSL SHA-1 Context Initialization
//
return (BOOLEAN) (SHA1_Init ((SHA_CTX *)Sha1Context));
return (BOOLEAN) (SHA1_Init ((SHA_CTX *) Sha1Context));
}
/**
......@@ -140,7 +140,7 @@ Sha1Update (
//
// OpenSSL SHA-1 Hash Update
//
return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataSize));
return (BOOLEAN) (SHA1_Update ((SHA_CTX *) Sha1Context, Data, DataSize));
}
/**
......@@ -180,5 +180,5 @@ Sha1Final (
//
// OpenSSL SHA-1 Hash Finalization
//
return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *)Sha1Context));
return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *) Sha1Context));
}
......@@ -30,7 +30,7 @@ Sha256GetContextSize (
//
// Retrieves OpenSSL SHA-256 Context Size
//
return (UINTN)(sizeof (SHA256_CTX));
return (UINTN) (sizeof (SHA256_CTX));
}
/**
......@@ -61,7 +61,7 @@ Sha256Init (
//
// OpenSSL SHA-256 Context Initialization
//
return (BOOLEAN) (SHA256_Init ((SHA256_CTX *)Sha256Context));
return (BOOLEAN) (SHA256_Init ((SHA256_CTX *) Sha256Context));
}
/**
......@@ -139,7 +139,7 @@ Sha256Update (
//
// OpenSSL SHA-256 Hash Update
//
return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataSize));
return (BOOLEAN) (SHA256_Update ((SHA256_CTX *) Sha256Context, Data, DataSize));
}
/**
......@@ -179,5 +179,5 @@ Sha256Final (
//
// OpenSSL SHA-256 Hash Finalization
//
return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *)Sha256Context));
return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *) Sha256Context));
}
......@@ -30,7 +30,7 @@ HmacMd5GetContextSize (
//
// Retrieves the OpenSSL HMAC-MD5 Context Size
//
return (UINTN)(sizeof (HMAC_CTX));
return (UINTN) (sizeof (HMAC_CTX));
}
/**
......@@ -58,7 +58,7 @@ HmacMd5Init (
//
// Check input parameters.
//
if (HmacMd5Context == NULL) {
if (HmacMd5Context == NULL || KeySize > INT_MAX) {
return FALSE;
}
......
......@@ -30,7 +30,7 @@ HmacSha1GetContextSize (
//
// Retrieves the OpenSSL HMAC-SHA1 Context Size
//
return (UINTN)(sizeof (HMAC_CTX));
return (UINTN) (sizeof (HMAC_CTX));
}
/**
......@@ -58,7 +58,7 @@ HmacSha1Init (
//
// Check input parameters.
//
if (HmacSha1Context == NULL) {
if (HmacSha1Context == NULL || KeySize > INT_MAX) {
return FALSE;
}
......
......@@ -21,6 +21,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include "OpenSslSupport.h"
//
// Environment Setting for OpenSSL-based UEFI Crypto Library.
//
......@@ -28,25 +30,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define OPENSSL_SYSNAME_UWIN
#endif
/**
Pop single certificate from STACK_OF(X509).
If X509Stack, Cert, or CertSize is NULL, then return FALSE.
@param[in] X509Stack Pointer to a X509 stack object.
@param[out] Cert Pointer to a X509 certificate.
@param[out] CertSize Length of output X509 certificate in bytes.
@retval TRUE The X509 stack pop succeeded.
@retval FALSE The pop operation failed.
**/
BOOLEAN
X509PopCertificate (
IN VOID *X509Stack,
OUT UINT8 **Cert,
OUT UINTN *CertSize
);
#endif
......@@ -1400,7 +1400,7 @@ RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigSize
);
......
......@@ -27,7 +27,8 @@ OBJS = Hash/CryptMd4.o \
Cipher/CryptTdes.o \
Cipher/CryptArc4.o \
Rand/CryptRand.o \
Pk/CryptRsa.o \
Pk/CryptRsaBasic.o \
Pk/CryptRsaExt.o \
Pk/CryptPkcs7.o \
Pk/CryptDh.o \
Pk/CryptX509.o \
......
......@@ -10,7 +10,7 @@ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS = -lefi -lgnuefi $(LIB_GCC)
CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
-Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
-Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
ifeq ($(ARCH),x86_64)
CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
endif
......@@ -215,6 +215,7 @@ OBJS = crypto/cryptlib.o \
crypto/bio/bf_null.o \
crypto/bio/bf_buff.o \
crypto/bio/b_dump.o \
crypto/bio/b_print.o \
crypto/bio/bf_nbio.o \
crypto/bio/bss_log.o \
crypto/bio/bss_bio.o \
......
......@@ -176,7 +176,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
char buf[4096];
char *buf = NULL;
int bufsiz;
int i, j=0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
......@@ -287,10 +288,16 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
BIO_set_mem_eof_return(tmpout, 0);
} else tmpout = out;
bufsiz = 4096;
buf = OPENSSL_malloc (bufsiz);
if (buf == NULL) {
goto err;
}
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;)
{
i=BIO_read(p7bio,buf,sizeof(buf));
i=BIO_read(p7bio,buf,bufsiz);
if (i <= 0) break;
if (tmpout) BIO_write(tmpout, buf, i);
}
......@@ -329,6 +336,10 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
sk_X509_free(signers);
if (buf != NULL) {
OPENSSL_free (buf);
}
return ret;
}
......
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -36,7 +36,7 @@ PasswordCallback (
{
INTN KeyLength;
ZeroMem ((VOID *)Buf, (UINTN)Size);
ZeroMem ((VOID *) Buf, (UINTN) Size);
if (Key != NULL) {
//
// Duplicate key phrase directly.
......@@ -86,31 +86,41 @@ RsaGetPrivateKeyFromPem (
return FALSE;
}
Status = FALSE;
PemBio = NULL;
//
// Add possible block-cipher descriptor for PEM data decryption.
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
//
EVP_add_cipher (EVP_des_ede3_cbc());
EVP_add_cipher (EVP_aes_128_cbc());
EVP_add_cipher (EVP_aes_192_cbc());
EVP_add_cipher (EVP_aes_256_cbc());
if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
return FALSE;
}
Status = FALSE;
//
// Read encrypted PEM Data.
//
PemBio = BIO_new (BIO_s_mem ());
BIO_write (PemBio, PemData, (int)PemSize);
if (PemBio == NULL) {
goto _Exit;
}
if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
goto _Exit;
}
//
// Retrieve RSA Private Key from encrypted PEM data.
//
*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);
if (*RsaContext != NULL) {
Status = TRUE;
}
......
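Review bot: `BIO_write (PemBio, PemData, (int) PemSize)` in RsaGetPrivateKeyFromPem narrows PemSize to `int` with no bound visible in the hunk, while the other wrappers touched by this commit reject sizes above INT_MAX before casting. The new `<= 0` test catches a value that turns negative, but a value that truncates to a smaller positive number would silently be parsed as a shorter PEM blob. Unless the parameter check that ends just above this hunk already covers it, add `if (PemSize > INT_MAX) { return FALSE; }` before the BIO is created.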
......@@ -26,6 +26,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
//
// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
//
UINT8 mSpcIndirectOidValue[] = {
0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
};
/**
Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
......@@ -70,6 +76,7 @@ AuthenticodeVerify (
UINT8 *SpcIndirectDataContent;
UINT8 Asn1Byte;
UINTN ContentSize;
UINT8 *SpcIndirectDataOid;
//
// Check input parameters.
......@@ -106,6 +113,19 @@ AuthenticodeVerify (
// some authenticode-specific structure. Use opaque ASN.1 string to retrieve
// PKCS#7 ContentInfo here.
//
SpcIndirectDataOid = (UINT8 *)(Pkcs7->d.sign->contents->type->data);
if (CompareMem (
SpcIndirectDataOid,
mSpcIndirectOidValue,
sizeof (mSpcIndirectOidValue)
) != 0) {
//
// Un-matched SPC_INDIRECT_DATA_OBJID.
//
goto _Exit;
}
SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
//
......
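Review bot: The new OID check in AuthenticodeVerify compares `sizeof (mSpcIndirectOidValue)` bytes at `contents->type->data` without looking at the object's own length. An OID shorter than ten bytes makes CompareMem read past its data, and a longer OID that merely begins with these bytes is accepted as a match. Since the PKCS#7 blob presumably comes from the image being verified, test the length first: `if (Pkcs7->d.sign->contents->type->length != sizeof (mSpcIndirectOidValue) || CompareMem (SpcIndirectDataOid, mSpcIndirectOidValue, sizeof (mSpcIndirectOidValue)) != 0) {`. Whether `d.sign`, `contents` and `type` are checked for NULL before this point is not visible in the hunk. `mSpcIndirectOidValue` is never written in the lines shown and could be declared `CONST`.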
......@@ -32,7 +32,7 @@ DhNew (
//
// Allocates & Initializes DH Context by OpenSSL DH_new()
//
return (VOID *)DH_new ();
return (VOID *) DH_new ();
}
/**
......@@ -52,7 +52,7 @@ DhFree (
//
// Free OpenSSL DH Context
//
DH_free ((DH *)DhContext);
DH_free ((DH *) DhContext);
}
/**
......@@ -91,7 +91,7 @@ DhGenerateParameter (
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
return FALSE;
}
......@@ -139,12 +139,13 @@ DhSetParameter (
IN CONST UINT8 *Prime
)
{
DH *Dh;
DH *Dh;
BIGNUM *Bn;
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
return FALSE;
}
......@@ -152,14 +153,46 @@ DhSetParameter (
return FALSE;
}
Bn = NULL;
Dh = (DH *) DhContext;
Dh->p = BN_new();
Dh->g = BN_new();
Dh->g = NULL;
Dh->p = BN_new ();
if (Dh->p == NULL) {
goto Error;
}
Dh->g = BN_new ();
if (Dh->g == NULL) {
goto Error;
}
BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
BN_set_word (Dh->g, (UINT32) Generator);
Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
if (Bn == NULL) {
goto Error;
}
if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
goto Error;
}
return TRUE;
Error:
if (Dh->p != NULL) {
BN_free (Dh->p);
}
if (Dh->g != NULL) {
BN_free (Dh->g);
}
if (Bn != NULL) {
BN_free (Bn);
}
return FALSE;
}
/**
......@@ -194,6 +227,7 @@ DhGenerateKey (
{
BOOLEAN RetVal;
DH *Dh;
INTN Size;
//
// Check input parameters.
......@@ -207,12 +241,17 @@ DhGenerateKey (
}
Dh = (DH *) DhContext;
*PublicKeySize = 0;
RetVal = (BOOLEAN) DH_generate_key (DhContext);
if (RetVal) {
Size = BN_num_bytes (Dh->pub_key);
if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
*PublicKeySize = Size;
return FALSE;
}
BN_bn2bin (Dh->pub_key, PublicKey);
*PublicKeySize = BN_num_bytes (Dh->pub_key);
*PublicKeySize = Size;
}
return RetVal;
......@@ -227,7 +266,8 @@ DhGenerateKey (
If DhContext is NULL, then return FALSE.
If PeerPublicKey is NULL, then return FALSE.
If KeySize is NULL, then return FALSE.
If KeySize is large enough but Key is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize is not large enough, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[in] PeerPublicKey Pointer to the peer's public key.
......@@ -252,23 +292,37 @@ DhComputeKey (
)
{
BIGNUM *Bn;
INTN Size;
//
// Check input parameters.
//
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
return FALSE;
}
if (Key == NULL && *KeySize != 0) {
if (PeerPublicKeySize > INT_MAX) {
return FALSE;
}
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
if (Bn == NULL) {
return FALSE;
}
*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
Size = DH_compute_key (Key, Bn, DhContext);
if (Size < 0) {
BN_free (Bn);
return FALSE;
}
BN_free (Bn);